From 14a76926a225dec3d29aeffa13ab7ece74f708e5 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Tue, 18 May 2010 21:52:17 +0000
Subject: [PATCH] Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in. The forms would already submit to SSL, but people are happier if they start on a secure page! Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!
---
 actions/login.php | 22 ++++++++++++++++++++++
 actions/register.php | 7 +++++++
 2 files changed, 29 insertions(+)
diff --git a/actions/login.php b/actions/login.php
index dc6352368a..d3e4312f71 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -62,6 +62,28 @@ class LoginAction extends Action
 return false;
 }
+ /**
+ * Prepare page to run
+ *
+ *
+ * @param $args
+ * @return string title
+ */
+
+ function prepare($args)
+ {
+ parent::prepare($args);
+
+ // @todo this check should really be in index.php for all sensitive actions
+ $ssl = common_config('site', 'ssl');
+ if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
+ common_redirect(common_local_url('login'));
+ // exit
+ }
+
+ return true;
+ }
+
 /**
 * Handle input, produce output
 *
diff --git a/actions/register.php b/actions/register.php
index 7fdbb4ded6..2fc7ef9219 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -74,6 +74,13 @@ class RegisterAction extends Action
 parent::prepare($args);
 $this->code = $this->trimmed('code');
+ // @todo this check should really be in index.php for all sensitive actions
+ $ssl = common_config('site', 'ssl');
+ if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
+ common_redirect(common_local_url('register'));
+ // exit
+ }
+
 if (empty($this->code)) {
 common_ensure_session();
 if (array_key_exists('invitecode', $_SESSION)) {
-- 2.39.5
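Review bot: The `empty($_SERVER['HTTPS'])` test in the new `LoginAction::prepare()` is not a reliable signal that the request arrived without TLS, and the same line is repeated in the actions/register.php hunk. PHP documents that IIS with ISAPI sets the value to `off` for plain HTTP, so the redirect is skipped there, and behind a TLS-terminating proxy the variable is typically unset even for HTTPS clients, which would turn this check into a redirect loop. I would compute it once, e.g. `$isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';`, ideally in the shared helper the `@todo` already asks for. The docblock's `@return string title` also does not match the `return true;` at the end, and the result of `parent::prepare($args)` is discarded. The redirect only takes effect after the first cleartext request has been sent, so for `'always'` mode a Strict-Transport-Security header on the HTTPS response is the stronger control.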
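Review bot: The redirect target in `RegisterAction::prepare()` is built as `common_local_url('register')` right after `$this->code` has been read, so an invitation link opened over HTTP appears to lose its code on the way to HTTPS. If the code is a route argument, passing it through would keep invite-only registration working: `common_redirect(common_local_url('register', empty($this->code) ? null : array('code' => $this->code)));`. The invite code has still travelled in cleartext on that first request, so links sent out in invitation mails are better generated as HTTPS URLs in the first place. prepare() starts above this hunk and continues below it.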